CVE-2024-37821
Published 2024-06-18
Priority P352 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.76% (50.5th percentile)
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 19.0.2 | 19.0.2 |
| dolibarr | dolibarr_erp_crm | < 19.0.2 | 19.0.2 |
GHSA
Dolibarr arbitrary file upload vulnerability
ghsa·2024-06-18
CVE-2024-37821 [HIGH] CWE-434 Dolibarr arbitrary file upload vulnerability
OSV
Dolibarr arbitrary file upload vulnerability
osv·2024-06-18
CVE-2024-37821 [HIGH] Dolibarr arbitrary file upload vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-18